How do I get some forwarded emails to stop disappearing due to SPF?
January 25, 2014 10:27 AM   Subscribe

Right now I have the email setup of my small business so that (we'll call it) is our public address, and email sent there is forwarded by our host provider to, which is our main company account with Google Apps for Business. 99% of emails sent to come through to just fine, but there's that 1% that just disappear -- they don't go to spam folder, they don't seem to go anywhere. Help!

It seems this is due to the hard SPF policy that some senders use. For a while I thought I could get the forwarding to work for even these by modifying the SPF record of our forwarding domain (I swear, I was steered in that direction by the tech support of both my host and google apps), but the more I'm learning the more I'm thinking that's a wild goose chase.

The SPF wikipedia entry says one way to fix forwarding when there's an SPF record is through "whitelisting on the target server, so that it will not refuse a forwarded message", but I've tried adding the relevant ip ranges to the Email Whitelist and/or Inbound Gateway fields in Google Apps, to no success.

You may be asking yourself why I have all the email forwarding to my Googe Apps, rather than just using Google Apps for And I am starting to think all the forwarding indeed may have been a mistake... But the rationale was/is that I actually have quite a few forwarding addresses setup and I don't know if there's a way to do a similar setup on Google Apps. For example, all damage claim emails are sent to, which are then forwarded to several different employees, some of which have Google Apps accounts, some of which do not. Same with documents@, memos@, lessons@, hiring@, etc. etc. I suppose I could do all this with Google Groups, but it just doesn't seem as quick & easy to setup.

And at this point it pains me to think of having to re-migrate our Google Apps account from to and redo all those forwarders w/ Google Groups. If Metafilter tells me that's the only good solution, I shall do, but I'm hoping there's a more easy alternative.

Thank you very much for any guidance anyone can provide.
posted by jcfudgely to Technology (5 answers total)
I don't think SPF is your problem. That determines whether the receiving system treats it as spam or not. In this case, there are two receiving systems: The one receiving mail for your *com domain, let's call that Provider A, and Google, receiving for your *net domain.

Provider A receives mail from the internet from a variety of sources. For each piece of mail, Provider A is going to look up that sender's SPF record, and determine whether the mail came from a server specified as valid in that SPF record. If this check fails, Provider A may flag the mail as spam and may not deliver it onward to Google. Your own SPF is not involved at all in this process.

So, your mail might not be getting out of Provider A if they're flagging it as spam and dropping it. Let's assume they are sending it onward to Google. This is the second place where your mail could get rejected.

Google gets the forwarded message from Provider A. In order to ensure Google isn't going to start flagging this as suspicious either due to volume or spam flags, you should ensure that Provider A's sending servers are whitelisted in your Admin console.

Take a look at Google Apps Admin console, go to Gmail, then Advanced Settings. Under General Settings there, scroll down to the Spam section and take a look at the Email Whitelist. You should include Provider A's server IP addresses or names here.

You should also include the same addresses in the Inbound Gateway section.
posted by odinsdream at 1:34 PM on January 25, 2014

It's worth mentioning, though, that a simpler approach would be to point your *com MX records to your Google Apps account and add your *com as a Domain Alias to your *net
posted by odinsdream at 1:35 PM on January 25, 2014 [1 favorite]

Odinsdream, thank you so much for your response!
-I would assume the email is being forwarded by my host (bluehost) ok also. I don't have a Spam filter setup or anything like that.
-I've tried to Whitelist + Inbound Gateway the Bluehost IP range (which I've pasted below) but it didn't seem to have any effect. Though now that I think about it, maybe I needed to wait a few hours for it to kick in?,,,,,,,,

But if there's a simpler approach, I am definitely potentially interested.
I know the standard is to change the MX records at the domain registrar (1and1 in this case). However, I don't suppose if I changed them at my host instead (seems to be an option in CPanel) I could then keep my current forwarding setup?
-If not, is there a recommended way of setting up forwarding in Google Apps?

Thank you again
posted by jcfudgely at 2:21 PM on January 25, 2014

I am a bit worried you're misunderstanding how e-mail is delivered, and so I hesitate to recommend specific action. With that caveat:

If you have mailboxes over at Bluehost then you might want to keep the forwarding arrangement if you don't want to actually migrate those mailboxes over to Google.

However, if you're just using Bluehost to receive mail for *com and forward it to Google this is not the best way to go about it.

Instead, I would change the MX records for *com such that they are identical to the MX records for *net. You would do this wherever your domain's DNS is hosted (typically but not always this is the same place where you register your domain).

Then go to the Google Apps control panel for *net and set up the *com as a Domain Alias.

This allows Google to receive mail for either domain and do whatever you want to with it. It's not obvious, but you don't need to set up Google Groups just to take e-mail for a single address and send it to several people.

Here's what we do:

If you have an address like that needs to go to just one internal person, you can handle this by adding as an Alias on the user's Profile.

If you have an address like that needs to go to multiple people, you can either establish a Group with those members. Or, if you don't actually want to have a group just for something that simple, you can do the following:

Go to Google Apps > Gmail > Default Routing

Click Add Setting, then specify Single Recipient:

Under Also Deliver To: click Add More Recipients, then click the Add button for as many destinations as you need.

At the bottom choose "Perform this action on non-recognized and recognized addresses"

Clear as mud, right? It's simple to build once you get the hang of it, and it lets you set up your group addresses without literally having a Google Group for each one.
posted by odinsdream at 12:47 PM on January 26, 2014

That's perfect. I'll definitely be taking your advice and switching *com MX to google. Thank you!!
posted by jcfudgely at 4:46 PM on January 26, 2014

« Older Explain to me why trading stocks is a good thing   |   The best laid plans of mice and men Newer »
This thread is closed to new comments.